Authenticated device, authenticating device and authenticating method

ABSTRACT

An authenticated device  200  includes a memory unit  220  to store at least one algorithm identifier and at least one encryption key identifier, a transmitting unit  212  to transmit at least one algorithm identifier and at least one encryption key identifier stored by the memory unit  220  to an authenticating device  100 , a receiving unit  211  to receive a prescribed algorithm identifier and a prescribed encryption key identifier selected from among at least one algorithm identifier and at least one encryption key identifier transmitted by the transmitting unit  212  from the authenticating device  100 , and an authentication processing unit  296  to perform an authentication process with the authenticating device  100  based on the prescribed algorithm identifier and the prescribed encryption key identifier received by the receiving unit  211.

TECHNICAL FIELD

The present invention relates to an authenticated device or anauthenticating device. Alternatively, the present invention relates toan authenticating method for performing an authentication between theauthenticating device and the authenticated device.

BACKGROUND ART

When a user enjoys a certain service, identification (authentication) isperformed to identify whether the user is a valid user qualified toenjoy the service, and key sharing is performed for cryptographiccommunication. One type of cryptographic algorithm is used incryptographic communication, and authentication and key sharing cannotbe performed between devices implementing different algorithms.

Further, there is a reference describing a communication system whereina plurality of protocols for cryptographic technology application can beemployed (JP10-304333).

Additionally, there are references describing technologies utilizing aplurality of algorithms (JP2000-151578, JP5-227152).

As stated above, conventionally, one kind of cryptographic algorithm hasbeen used in cryptographic communication, therefore, when the algorithmis found to be vulnerable or is broken, or when security (safety) withdata encryption cannot be held due to leakage of keys or the like, asecurer algorithm etc. is to be implemented. In such a case, it mayhappen that different algorithms are implemented by devices, and therehas been a problem in that authentication and key sharing cannot beperformed between such devices implementing different algorithms, asreferred to above. Also, since different cryptographic algorithms areprovided by each manufacturer or the like for a market etc., there hasbeen a problem in that authentication and key sharing cannot beperformed between devices implementing such different algorithms.

Moreover, there has been a problem in that when the security (safety) isnot being maintained any more, a securer algorithm is to be implementedas mentioned above, which may result in a case where the existentsystems and devices become unusable by implementing a new algorithm etc.

Additionally, there has been a problem in that even if a moresophisticated algorithm is to be devised in the future, the algorithmcannot be applied to the device which has been used.

It is an object of the present invention to resolve problems such asimpossibility to perform the authentication due to difference ofinstalled algorithms.

It is another object of the present invention to allow a system and adevice to remain operable even when an algorithm has been made unusabledue to breaking of the algorithm or the like.

Further, it is another object of the present invention to reduce therisk of decrease in security due to breaking of the algorithm or thelike, by allowing a system and a device to remain workable.

Additionally, it is another object of the present invention to reducethe chances of invalid decryption being performed by eavesdropping etc.,and to improve the security.

DISCLOSURE OF THE INVENTION

There is provided according to one aspect of the present invention anauthenticated device including:

a memory unit to store at least one algorithm identifier and at leastone encryption key identifier;

a transmitting unit to transmit the at least one algorithm identifierand the at least one encryption key identifier stored by the memory unitto an authenticating device;

a receiving unit to receive from the authenticating device a prescribedalgorithm identifier and a prescribed encryption key identifier,selected from among the at least one algorithm identifier and the atleast one encryption key identifier transmitted by the transmittingunit; and

an authentication processing unit to perform an authentication processwith the authenticating device, based on the prescribed algorithmidentifier and the prescribed encryption key identifier received by thereceiving unit.

Further, the memory unit stores at least one algorithm identifier and atleast one encryption key identifier in such a manner that one algorithmidentifier and one encryption key identifier are paired as one profile;

the transmitting unit transmits, to the authenticating device, the atleast one algorithm identifier and the at least one encryption keyidentifier stored by the memory unit in such a manner that one algorithmidentifier and one encryption key identifier are paired as one profile;

the receiving unit receives, from the authenticating device, theprescribed algorithm identifier and the prescribed encryption keyidentifier paired as a prescribed profile, among the at least onealgorithm identifier and the at least one encryption key identifiertransmitted by the transmitting unit; and

the authentication processing unit performs the authentication processwith the authenticating device, based on the prescribed algorithmidentifier and the prescribed encryption key identifier paired as theprescribed profile received by the receiving unit.

Additionally, the memory unit further stores a version identifier toidentify a version indicating a set in such a manner that one set isformed from at least one algorithm corresponding to the at least onealgorithm identifier stored; the transmitting unit further transmits theversion identifier stored by the memory unit to the authenticatingdevice;

the receiving unit further receives, from the authenticating device, theprescribed algorithm identifier corresponding to a prescribed algorithmamong the at least one algorithm forming the set indicated by theversion identified by the version identifier transmitted from thetransmitting unit; and

the authentication processing unit further performs the authenticationprocess with the authenticating device, based on the prescribedalgorithm identifier received by the receiving unit and on a prescribedencryption key identifier paired with the prescribed algorithmidentifier.

Furthermore, there is provided another aspect of the present inventionan authenticating device including:

a memory unit to store at least one algorithm identifier and at leastone encryption key identifier;

a receiving unit to receive at least one algorithm identifier and atleast one encryption key identifier from an authenticated device;

a selecting unit to select a prescribed algorithm identifier and aprescribed encryption key identifier to be stored by the memory unitfrom among the at least one algorithm identifier and the at least oneencryption key identifier received by the receiving unit, when the atleast one algorithm identifier and the at least one encryption keyidentifier stored by the memory unit exist among the at least onealgorithm identifier and the at least one encryption key identifierreceived by the receiving unit;

a transmitting unit to transmit the prescribed algorithm identifier andthe prescribed encryption key identifier selected by the selecting unitto the authenticated device; and

an authentication processing unit to perform an authentication processwith the authenticated device, based on the prescribed algorithmidentifier and the prescribed encryption key identifier transmitted bythe transmitting unit.

Further, the memory unit stores at least one profile identifier toidentify at least one profile, whereby one algorithm identifier amongthe at least one algorithm identifier and one encryption key identifieramong the at least one encryption key identifier are paired;

the receiving unit receives at least one profile identifier from theauthenticated device;

the selecting unit selects a prescribed profile identifier to be storedby the memory unit from among the at least one profile identifierreceived by the receiving unit, when the at least one profile identifierstored by the memory unit exists among the at least one profileidentifier received by the receiving unit;

the transmitting unit transmits the prescribed profile identifierselected by the selecting unit to the authenticated device; and

the authentication processing unit performs the authentication processwith the authenticated device, based on the prescribed algorithmidentifier and the prescribed encryption key identifier paired by aprescribed profile identified by the prescribed profile identifiertransmitted by the transmitting unit.

Additionally, the memory unit further stores a version identifier toidentify a version of a set in such a manner that one set is formed fromat least one algorithm corresponding to the at least one algorithmidentifier stored;

the receiving unit receives a prescribed version identifier from theauthenticated device;

the selecting unit further selects the prescribed algorithm identifiercorresponding to one algorithm in the set indicated by the versionidentified by the prescribed version identifier received by thereceiving unit;

the transmitting unit further transmits the prescribed algorithmidentifier selected by the selecting unit to the authenticated device;and

the authentication processing unit further performs the authenticationprocess with the authenticated device, based on the prescribed algorithmidentifier transmitted by the transmitting unit and on a prescribedencryption key identifier paired with the prescribed algorithmidentifier.

Furthermore, there is provided according to another aspect of theinvention an authenticating method including:

a first transmitting step to transmit, from an authenticated devicestoring a plurality of algorithm identifiers and a plurality ofencryption key identifiers, to an authenticating device, the pluralityof algorithm identifiers and the plurality of encryption key identifiersstored;

a first receiving step to receive the plurality of algorithm identifiersand the plurality of encryption key identifiers transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing at least one algorithm identifier and atleast one encryption key identifier;

a selecting step to select, at the authenticating device, a prescribedalgorithm identifier and a prescribed encryption key identifier to bestored by the authenticating device from among the plurality ofalgorithm identifiers and the plurality of encryption key identifiersreceived by the receiving step, when the at least one algorithmidentifier and the at least one encryption key identifier stored by theauthenticating device exist among the plurality of algorithm identifiersand the plurality of encryption key identifiers received by the firstreceiving step;

a second transmitting step to transmit the prescribed algorithmidentifier and the prescribed encryption key identifier selected by theselecting step, from the authenticating device to the authenticateddevice;

a second receiving step to receive the prescribed algorithm identifierand the prescribed encryption key identifier transmitted by the secondtransmitting step, from the authenticating device, at the authenticateddevice; and

an authentication processing step to perform an authentication processbetween the authenticating device and the authenticated device, based onthe prescribed algorithm identifier and the prescribed encryption keyidentifier received by the second receiving step.

Additionally, there is provided according to another aspect of thepresent invention an authenticating method including:

a first transmitting step to transmit, from an authenticated devicestoring at least one algorithm identifier and at least one encryptionkey identifier, to an authenticating device, the at least one algorithmidentifier and the at least one encryption key identifier stored;

a first receiving step to receive the at least one algorithm identifierand the at least one encryption key identifier transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing a plurality of algorithm identifiers and aplurality of encryption key identifiers;

a selecting step to select, at the authenticating device, a prescribedalgorithm identifier and a prescribed encryption key identifier to bestored by the authenticating device from among the at least onealgorithm identifier and the at least one encryption key identifierreceived by the receiving step, when at least one of the plurality ofalgorithm identifiers and at least one of the plurality of encryptionkey identifiers stored by the authenticating device exist among the atleast one algorithm identifier and the at least one encryption keyidentifier received by the first receiving step;

a second transmitting step to transmit the prescribed algorithmidentifier and the prescribed encryption key identifier selected by theselecting step, from the authenticating device to the authenticateddevice; a second receiving step to receive the prescribed algorithmidentifier and the prescribed encryption key identifier transmitted bythe second transmitting step, from the authenticating device, at theauthenticated device; and

an authentication processing step to perform an authentication processbetween the authenticating device and the authenticated device, based onthe prescribed algorithm identifier and the prescribed encryption keyidentifier received by the second receiving step.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram describing a structure of an authentication systemaccording to a first embodiment.

FIG. 2 is a flowchart describing an authenticating method according tothe first embodiment.

FIG. 3 is a diagram describing an example of a frame of communicationinformation 1.

FIG. 4 is a diagram describing an example of a frame of communicationinformation 2.

FIG. 5 is a diagram describing an example of a frame of communicationinformation 3.

FIG. 6 is a diagram describing an example of a frame of communicationinformation 4.

FIG. 7 is a diagram describing algorithm identifiers, encryption keyidentifiers, algorithms and individual keys installed on thecommunication device 200 side.

FIG. 8 is a diagram describing algorithm identifiers, encryption keyidentifiers, and algorithms installed on the communication device 100side.

FIG. 9 is a diagram describing a structure of an authentication systemaccording to a second embodiment.

FIG. 10 is a flowchart describing an authenticating method according tothe second embodiment.

FIG. 11 is a flowchart describing an authenticating method according toa third embodiment.

FIG. 12 is a flowchart describing an authenticating method according toa fourth embodiment.

FIG. 13 is a flowchart describing an authenticating method according toa fifth embodiment.

FIG. 14 is a hardware configuration diagram.

PREFERRED EMBODIMENTS FOR CARRYING OUT THE INVENTION

Embodiment 1

FIG. 1 is a diagram describing a structure of an authentication systemaccording to the first embodiment. In FIG. 1, the authentication systemincludes a communication device 100 as an authenticating device and acommunication device 200 as an authenticated device. The communicationdevice 100 includes an antenna 101, a communication processing unit 110,a memory unit 120, a control unit 130, a selecting unit 160 and anauthentication processing unit 196. The communication processing unit110 includes a receiving unit 111 and a transmitting unit 112. Theauthentication processing unit 196 includes an encryption processingunit 140, a random number generating unit 150, an individual keygenerating unit 170, a temporary key generating unit 180, anauthenticating data 1 generating unit 190 and an authenticating data 2checking unit 195. The communication device 200 includes an antenna 201,a communication processing unit 210, a memory unit 220, a control unit230 and an authentication processing unit 296. The communicationprocessing unit 210 includes a receiving unit 211 and a transmittingunit 212. The authentication processing unit 296 includes an encryptionprocessing unit 240, a random number generating unit 250, a temporarykey generating unit 280, an authenticating data 1 checking unit 290 andan authenticating data 2 generating unit 295. The first embodimentdescribes a case wherein wireless communication is performed between thecommunication device 100 and the communication device 200 via theantennas 101 and 201. However, it is not restricted to wirelesscommunication, and wire communication can be performed instead. Forexample, it is possible to configure the communication device 100 as aroadside device at a store side, and the communication device 200 as anon-board device at a vehicle side in ETC (Electronic Toll Collection) ordrive-through etc.

FIG. 2 is a flowchart describing the authenticating method according tothe first embodiment.

The memory unit 120 stores at least one algorithm identifier, at leastone encryption key identifier and algorithms corresponding to eachalgorithm identifier of at least one algorithm identifier. Further, thememory unit 120 stores at least one profile identifier to identify atleast one profile whereby one algorithm identifier of at least onealgorithm identifier and one encryption key identifier of at least oneencryption key identifier are paired with each other.

The memory unit 220 stores at least one algorithm identifier, at leastone encryption key identifier, algorithms corresponding to eachalgorithm identifier of at least one algorithm identifier, individualkeys unique to devices as encryption keys corresponding to eachencryption key identifier of at least one encryption key identifier, anda device unique number. Further, the memory unit 220 stores at least onealgorithm identifier and at least one encryption key identifier in sucha manner that one algorithm identifier and one encryption key identifierare paired as one profile, and at least one profile identifier toidentify profiles.

It is only necessary that at least one of the communication devices 100and 200 contains a plurality of pairs of one algorithm identifier andone encryption key identifier.

In S201 (Step 201) as a part of authentication processing steps, therandom number generating unit 150 generates a random number 1.

In S202 (Step 202), as a transmitting step, the transmitting unit 112transmits the random number 1 generated by the random number generatingunit 150 as communication information 1 to the communication device 200.For example, when a vehicle equipped with the communication device 200is detected by the communication device 100 with a detecting unit notshown in the figures, the transmitting unit 112 transmits the randomnumber 1 to the communication device 200. The communication device 100requests key information (a key identifier and an algorithm identifier)held by the communication device 200 by transmitting the random number 1as the communication information 1 to the communication device 200. Inother words, the communication information 1 is request information tothe communication device 200.

In S203, as a receiving step, the receiving unit 211 receives the randomnumber 1 as the communication information 1 transmitted by thetransmitting unit 112. The communication device 200 determines that thekey information (the key identifier and the algorithm identifier) heldby the communication device 200 is requested by the communication device100 by receiving the random number 1 at the receiving unit 211.

In S204, as a part of the authentication processing steps, the randomnumber generating unit 250 generates a random number 2.

In S205, as a transmitting step (a first transmitting step), thetransmitting unit 212 transmits as communication information 2, at leastone algorithm identifier, at least one encryption key identifier and thedevice unique number stored by the memory unit 220, and the randomnumber 2 generated by the random number generation unit 250 to thecommunication device 200 as the authenticating device. Now, onealgorithm identifier and one encryption key identifier are paired as aset represented as a profile. The communication information 2 containsdata of the random number 2, the device unique number, the number of theprofiles which is the same number as the sets of one algorithmidentifier and one encryption key identifier, profile identifiers of thesame number as the number of the profiles, and the algorithm identifiersand the encryption key identifiers paired as the profiles identified byeach of the profile identifiers. Further, each of the profileidentifiers, the algorithm identifiers and the encryption keyidentifiers paired as the profiles identified by each of the profileidentifiers are such data that the identifiers are mutuallycorrespondent. In sum, the transmitting unit 212 transmits to thecommunication device 100 as the authenticating device, at least onealgorithm identifier and at least one encryption key identifier storedby the memory unit 220 in such a manner that one algorithm identifierand one encryption key identifier are paired as one profile.

In S206, as a receiving step (a first receiving step), the receivingunit 111 receives, from the communication device 200 as theauthenticated device, the communication information 2 containing therandom number 2, the device unique number, the number of the profileswhich is the same number as the sets, at least one profile identifier ofthe same number as the number of the profiles, and at least onealgorithm identifier and at least one encryption key identifiercorresponding to each of the profile identifiers of at least one profileidentifier.

In S207, as a selecting step, when at least one algorithm identifier andat least one encryption key identifier stored by the memory unit 120exist among at least one algorithm identifier and at least oneencryption key identifier received by the receiving unit 111, theselecting unit 160 selects a prescribed algorithm identifier and aprescribed encryption key identifier to be stored by the memory unit 120from among at least one algorithm identifier and at least one encryptionkey identifier received by the receiving unit 111. In other words, whenat least one profile identifier stored by the memory unit 120 existsamong at least one profile identifier received by the receiving unit111, the selecting unit 160 selects a prescribed profile identifier tobe stored by the memory unit 120 from among at least one profileidentifier received by the receiving unit 111. By selecting theprescribed profile identifier, the prescribed algorithm identifier andthe prescribed encryption key identifier paired as a profile identifiedby the prescribed profile identifier are selected. It may be possible,for example, to simply select the algorithm identifier and theencryption key identifier commonly owned by both the communicationdevices 100 and 200, or to select the algorithm identifier and theencryption key identifier commonly owned by both the communicationdevices 100 and 200 after having deleted the algorithm identifier andthe encryption key identifier whose security has become insufficient dueto code-breaking etc. In the first embodiment, again, the algorithmidentifier and the encryption key identifier corresponding to theprescribed profile identifier are selected by selecting the prescribedprofile identifier.

In S208 as a part of the authentication processing steps, the individualkey generating unit 170 generates an individual key held by thecommunication device 200 as an encryption key corresponding to theprescribed encryption key identifier selected by the selecting unit 160,based on the device unique number in the communication information 2 byusing a hash value, for example.

In S209 as a part of the authentication processing steps, the temporarykey generating unit 180, by using an algorithm corresponding to theprescribed algorithm identifier selected by the selecting unit 160,encrypts the random numbers 1 and 2 with the individual key generated bythe individual key generating unit 170 as the encryption keycorresponding to the prescribed encryption key identifier, by means ofthe encryption processing unit 140, and generates a temporary key as oneexample of an encryption key for authentication process.

In S210, as a part of the authentication processing steps, theauthenticating data 1 generating unit 190 generates authenticating data1 by encrypting the whole or part of the random number 2 with thetemporary key generated by the temporary key generating unit 180, bymeans of the encryption processing unit 140.

In S211, as a transmitting step (a second transmitting step), thetransmitting unit 112 transmits, as communication information 3, theprescribed algorithm identifier and the prescribed encryption keyidentifier selected by the selecting unit 160, the correspondingprescribed profile identifier selected by the selecting unit, and theauthenticating data 1 generated by the authenticating data 1 generatingunit 190, to the communication device 200 as the authenticated device.

In S212, the receiving unit 211 receives, as the communicationinformation 3, the prescribed algorithm identifier, the prescribedencryption key identifier selected from among at least one algorithmidentifier and at least one encryption key identifier, the profileidentifier corresponding to the prescribed algorithm identifier and theprescribed encryption key identifier, and the authenticating data 1,transmitted by the transmitting unit 212 from the communication device100 as the authenticating device. In other words, the receiving unit 211receives the prescribed algorithm identifier and the prescribedencryption key identifier paired as the prescribed profile from among atleast one algorithm identifier and at least one encryption keyidentifier, transmitted by the transmitting unit 212 from thecommunication device 100 as the authenticating device.

In S213 as a part of the authentication processing steps, the encryptionprocessing unit 240 confirms the profile identifier received by thereceiving unit 211, and the prescribed encryption key identifier and theprescribed algorithm identifier corresponding to the profile identifier.

In S214, as a part of the authentication processing steps, the temporarykey generating unit 280, by using an algorithm corresponding to theprescribed algorithm identifier received by the receiving unit 211 andconfirmed by the encryption processing unit 240, encrypts the randomnumbers 1 and 2 with the individual key stored by the memory unit 220 bymeans of the encryption processing unit 240, and generates the temporarykey as one example of an encryption key for authentication process. Inthis way, the communication devices 100 and 200 are able to share thesame temporary keys. The individual key stored in the memory unit 220 isgenerated by a generating method equivalent to that in the individualkey generating unit 170, and is stored in the memory unit 220 in advanceby using some means such as an IC card. When the temporary keys aregenerated by the temporary key generating units 180 and 280, encryptionis performed with the temporary keys in the present embodiment. Instead,decryption may be performed, since it is only necessary that theauthenticating device and the authenticated device perform the sameprocess.

In S215, as a part of the authentication processing steps, theauthenticating data 1 checking unit 290 decrypts the encryptedauthenticating data 1 received as the communication information 3 by thereceiving unit 211 with the temporary key generated by the temporary keygenerating unit 280, by the means of the encryption processing unit 240.

In S216, as a part of the authentication processing steps, theauthenticating data 1 checking unit 290 checks whether data of thedecrypted authenticating data 1 is the whole or part of the randomnumber 2 transmitted from the communication device 200 to thecommunication device 100. If the data of the decrypted authenticatingdata 1 is the whole or part of the random number 2, it is shown that thecommunication for the authentication process is performed properly withthe communication device 100, not with a fraudulent attacker. That is tosay, one direction of the authentication process between thecommunication device 100 and the communication device 200 is proved tobe successful.

In S217, as a part of the authentication processing steps, theauthenticating data 2 generating unit 295 generates authenticating data2 by encrypting the whole or part of the random number 1 with thetemporary key generated by the temporary key generating unit 280, bymeans of the encryption processing unit 240.

In S218, as a transmitting step of a part of the authenticationprocessing steps, the transmitting unit 212 transmits the authenticatingdata 2 generated by the authenticating data 2 generating unit 295 ascommunication information 4 to the communication device 100.

In S219, as a receiving step of a part of the authentication processingsteps, the receiving unit 111 receives the authenticating data 2 as thecommunication information 4 from the communication device 200.

In S220, as a part of the authentication processing steps, theauthenticating data 2 checking unit 195 decrypts the encryptedauthenticating data 2 received by the receiving unit 111 as thecommunication information 4, with the temporary key generated by thetemporary key generating unit 180, by means of the encryption processingunit 140.

In S221, as a part of the authentication processing steps, theauthenticating data 2 checking unit 195 checks whether data of thedecrypted authenticating data 2 is the whole or part of the randomnumber 1 transmitted from the communication device 100 to thecommunication device 200. When the decrypted authenticating data 2 isthe whole or part of the random number 1, it is shown that thecommunication for the authentication process is performed properly withthe communication device 200, not with a fraudulent attacker. That is tosay, the other direction of the authentication process between thecommunication device 100 and the communication device 200 is proved tobe successful.

As stated above, the authentication process between the communicationdevice 100 and the communication device 200 is finished, and thereafter,the communication device 100 and the communication device 200communicate with each other data encrypted with the temporary keys,thereby security of the data is ensured.

FIG. 3 is a diagram describing an example of a frame of thecommunication information 1.

In FIG. 3, the communication information 1 contains a header and data ofthe random number 1.

FIG. 4 is a diagram describing an example of a frame of thecommunication information 2.

In FIG. 4, the communication information 2 contains a header, data ofthe random number 2, the device unique number (device unique No.), thenumber of the profiles (No. of profiles), the profile identifiers suchas Profile 1, . . . Profile n to identify each of the profiles, and thealgorithm identifiers (algorithm IDs) and the encryption key identifiers(key IDs) corresponding to each of the profile identifiers. In FIG. 4,the data is organized in such a manner that the correspondent relationamong each of the profile identifiers, and the algorithm identifiers andthe encryption key identifiers corresponding to each of the profileidentifiers is recognizable.

FIG. 5 is a diagram describing an example of a frame of thecommunication information 3.

In FIG. 5, the communication information 3 contains a header, Profile kas the prescribed profile identifier to identify the prescribed profileselected, the algorithm identifier (algorithm ID) and the encryption keyidentifier (key ID) corresponding to the prescribed profile identifier,and the authenticating data 1. In FIG. 5, the data is organized in sucha manner that the corresponding relation among the prescribed profileidentifier, the algorithm identifier and the encryption key identifiercorresponding to the prescribed profile identifier is recognizable.

FIG. 6 is a diagram describing an example of a frame of thecommunication information 4.

In FIG. 6, the communication information 4 contains a header and theauthenticating data 2.

FIG. 7 is a diagram describing the algorithm identifiers, the encryptionkey identifiers, the algorithms and the individual keys installed on thecommunication device 200 side.

In FIG. 7, at the communication device 200 side, the memory unit 220stores: an algorithm identifier (ID) and an encryption key identifier(ID) of a profile xx, an algorithm x corresponding to the algorithmidentifier, and an individual key x corresponding to the encryption keyidentifier; an algorithm identifier and an encryption key identifier ofa profile yy, an algorithm y corresponding to the algorithm identifier,and an individual key y corresponding to the encryption key identifier;. . . and an algorithm identifier and an encryption key identifier of aprofile zz, an algorithm z corresponding to the algorithm identifier,and an individual key z corresponding to the encryption key identifier.That is, they are installed (implemented) on the communication device200.

FIG. 8 is a diagram describing the algorithm identifiers, the encryptionkey identifiers and the algorithms installed on the communication device100 side.

In FIG. 8, at the communication device 100 side, the memory unit 120stores: an algorithm identifier (ID) and an encryption key identifier(ID) of a profile aa, and an algorithm 1 corresponding to the algorithmidentifier; an algorithm identifier and an encryption key identifier ofa profile bb, and an algorithm 2 corresponding to the algorithmidentifier; . . . and an algorithm identifier and an encryption keyidentifier of a profile cc, and an algorithm n corresponding to thealgorithm identifier. That is, they are installed (implemented) on thecommunication device 100.

As stated above, the authentication processing unit 296 performs theauthentication process with the communication device 100 as theauthenticating device, based on the prescribed algorithm identifier andthe prescribed encryption key identifier received by the receiving unit211. More specifically, the authentication processing unit 296 generatesthe temporary key as the encryption key for authentication process byusing the algorithm corresponding to the prescribed algorithm identifierreceived by the receiving unit 211 and the encryption key correspondingto the prescribed encryption key identifier received by the receivingunit, and performs the authentication process with the communicationdevice 100 as the authenticating device by using the generated temporarykey as the encryption key for authentication process. In other words,the authentication processing unit 296 generates the temporary key asthe encryption key for authentication process, by using the algorithmcorresponding to the prescribed algorithm identifier and the encryptionkey corresponding to the prescribed encryption key identifier receivedby the receiving unit 211, the prescribed algorithm identifier and theprescribed encryption key identifier being paired as the prescribedprofile, and performs the authentication process with the authenticatingdevice by using the generated temporary key as the encryption key forauthentication process.

On the other hand, the authentication processing unit 196 performs theauthentication process with the communication device 200 as theauthenticated device, based on the prescribed algorithm identifier andthe prescribed encryption key identifier transmitted by the transmittingunit 112. More specifically, the authentication processing unit 196generates the temporary key as the encryption key for authenticationprocess by using the algorithm corresponding to the prescribed algorithmidentifier transmitted by the transmitting unit 112, and with theencryption key corresponding to the prescribed encryption key identifiertransmitted by the transmitting unit 112, and performs theauthentication process with the communication device 200 as theauthenticated device by using the generated temporary key as theencryption key for authentication process. In other words, theauthentication processing unit 196 generates the temporary key as theencryption key for authentication process, by using the algorithmcorresponding to the prescribed algorithm identifier and the encryptionkey corresponding to the prescribed encryption key identifiertransmitted by the transmitting unit 112, the prescribed algorithmidentifier and the prescribed encryption key identifier being paired asthe prescribed profile identified by the prescribed profile identifier,and performs the authentication process with the authenticated device byusing the generated temporary key as the encryption key forauthentication process.

The control unit 130 controls each unit of the communication device 100.The control unit 230 in turn controls each unit of the communicationdevice 200. The memory unit 120 stores data generated in the processperformed in each unit of the communication device 100. The memory unit220 in turn stores data generated in the process performed in each unitof the communication device 200.

When the communication device 100 is configured as a roadside device ata store side, and the communication device 200 as an on-board device ata vehicle side in ETC, drive-through etc., for example, theabove-mentioned steps are recapitulated as follows.

First, the roadside device at the store requests to the on-board devicekey information (a key identifier and an algorithm identifier) held bythe on-board device.

Then, the on-board device transmits all the information concerning thekey held by itself to the roadside device.

Next, the roadside device selects from among the key informationreceived the key information coincides with the algorithm identifier andthe key identifier held by itself, and notifies the on-board device ofthe algorithm identifier and the key identifier selected.

Thereafter, the roadside device and the on-board device perform theauthentication and the key sharing by using common keys corresponding tothe algorithm identifier and the key identifier commonly owned with eachother.

As stated above, the first embodiment handles a plurality of algorithmsused for cryptographic communication, and enables the system to remainoperable even when an algorithm is made unusable due to breaking or thelike by using another algorithm, and to reduce the risk of decrease insecurity due to breaking of the algorithm and the like. Additionally,the first embodiment makes it possible to reduce the number of times anidentical algorithm is used by fully utilizing a plurality of thealgorithms, therefore, it is enabled to reduce the chances of breakingthe algorithm by unauthorized attacker, and to improve the security.Further, a newly devised algorithm can be installed on the communicationdevices, therefore, it is possible to facilitate application of thenewly devised algorithm. When at least one of the communication devices100 and 200 contains a plurality of the sets of one algorithm identifierand one key identifier, options are available, therefore such an effectmentioned above can be achieved. Meanwhile, in the first embodiment, itis only necessary that at least one of the devices 100 and 200 containsa plurality of the sets of one algorithm identifier and one encryptionkey identifier. However, according to the present invention, theauthentication can be performed when at least one set of one algorithmidentifier and one encryption key identifier of each device coincideswith each other. Therefore, a plurality of the sets need not becontained in at least one of the devices 100 and 200, and only one setmay be contained in each device. Further, since each device may containonly one set, the authenticating method according to the presentinvention can be applied to the conventional art wherein only oneencryption algorithm is used.

Embodiment 2

FIG. 9 is a diagram describing a structure of an authentication systemaccording to the second embodiment.

In FIG. 9, the authentication processing unit 296 in the communicationdevice 200 includes an authenticating data 1 generating unit 291 furtherto the configuration described in FIG. 1. Each of the other parts of theconfiguration is the same as in FIG. 1.

FIG. 10 is a flowchart describing an authenticating method according tothe second embodiment.

FIG. 10 is the same as FIG. 2 except that S215 and S216 of FIG. 2 areeach replaced with S1015 and S1016.

In S1015 as a part of the authentication processing steps, theauthenticating data 1 generating unit 291 generates the authenticatingdata 1 by encrypting the whole or part of the random number 2 with thetemporary key generated by the temporary key generating unit 280 bymeans of the encryption processing unit 240.

In S1016 as a part of the authentication processing steps, theauthenticating data 1 checking unit 290 checks whether the encryptedauthenticating data 1 received as the communication information 3 by thereceiving unit 211, and the authenticating data 1 generated by theauthenticating data 1 generating unit 291 coincide with each other. Ifthey coincide with each other, it is shown that the communication forauthentication process is performed properly with the communicationdevice 100, not with a fraudulent attacker. That is to say, onedirection of the authentication process between the communicationdevices 100 and 200 is proved to be successful.

By the configuration as stated above, the effect similar to that in thefirst embodiment can be achieved.

Embodiment 3

Each part of the configuration according to the third embodiment issimilar to that of FIG. 1.

FIG. 11 is a flowchart describing the authenticating method according tothe third embodiment.

FIG. 11 is similar to FIG. 2 except that S202 and S203 of FIG. 2 do notexist in FIG. 11.

In the third embodiment, the configuration is such that thecommunication device 200 transmits the communication information 2 tothe communication device 100 as the authenticating side, even when thecommunication device 100 has not transmitted the communicationinformation 1 to the communication device 200. By omitting such steps,authentication flow can be performed at a faster pace.

By the configuration as stated above, the effect similar to that in thefirst embodiment can be achieved.

Embodiment 4

Each part of the configuration according to the fourth embodiment issimilar to FIG. 1.

FIG. 12 is a flowchart describing the authenticating method according tothe fourth embodiment.

FIG. 12 is similar to FIG. 2 except that S205, S206, S207, S211 and S212of FIG. 2 are replaced with S1205. S1206, S1207, S1211 and S1212.

In the fourth embodiment, the memory unit 220 further stores a versionidentifier (ID) to identify a version indicating a set in a manner thatone set is formed from at least one algorithm corresponding to at leastone algorithm identifier stored.

The memory unit 120 in turn, further stores a version identifier (ID) toidentify a version of a set in such a manner that one set is formed fromat least one algorithm corresponding to at least one algorithmidentifier stored.

For example, a version identified by a version 1 as a version identifiersupports only DES as an algorithm. A version identified by a version 2supports DES and MISTY as algorithms. A version identified by a version3 supports DES, MISTY, Camellia and AES as algorithms.

In S1205 as a transmitting step (a first transmitting step), thetransmitting unit 212 transmits as communication information 2-1, atleast one algorithm identifier, at least one encryption key identifierand the device unique number stored by the memory unit 220, the randomnumber 2 generated by the random number generating unit 250, andfurther, the version identifier stored by the memory unit 220, to thecommunication device 100 as the authenticating device.

In S1206 as a receiving step (a first receiving step), the receivingunit 111 receives, from the communication device 200 as theauthenticated device, the communication information 2-1 containing therandom number 2, the device unique number, number of the profiles whichis the same number as the sets of one algorithm identifier and oneencryption key identifier, at least one profile identifier of the samenumber as the number of the profiles, at least one algorithm identifierand at least one encryption key identifier corresponding to each of theprofiles of at least one profile identifier, and a prescribed versionidentifier.

In S1207 as a selecting step, when at least one algorithm stored by thememory unit 120 exists in the set indicated by a version identified bythe prescribed version identifier received by the receiving unit 111,the selecting unit 160 selects a prescribed algorithm identifiercorresponding to an algorithm to be stored by the memory unit 120 fromthe set indicated by the version identified by the prescribed versionidentifier received by the receiving unit 111. When the communicationdevice 200 supports only an old version and all the algorithms indicatedby the old version have security problems, for example, it is possibleto terminate the rest of the authentication process without selectingany algorithms. On the other hand, when at least one algorithm usablefor the authentication process exists, it is possible to perform therest of the authentication process by using a usable algorithm. By usingthe version identifier, it is possible to detect from the versionidentifier whether a usable algorithm is installed on the communicationdevice 200.

In S1211 as a transmitting step (a second transmitting step), thetransmitting unit 112 transmits, as communication information 3-1, theprescribed algorithm identifier selected by the selecting unit 160 andthe authenticating data 1 generated by the authenticating data 1generating unit 190, to the communication device 200 as theauthenticated device.

In S1212 as a receiving step, the receiving unit 211 receives, as thecommunication information 3-1, the prescribed algorithm identifiercorresponding to the prescribed algorithm selected from among at leastone algorithm stored by the memory unit 220, which forms the setindicated by the version identified by the version identifier, and theauthenticating data 1 transmitted by the transmitting unit 212 from thecommunication device 100 as the authenticating device.

The authentication processing unit 296 thereafter generates theencryption key for authentication process by using the prescribealgorithm corresponding to the prescribed algorithm identifier receivedby the receiving unit 211, and the prescribed encryption keycorresponding to the prescribed encryption key identifier paired withthe prescribed algorithm identifier, and performs the authenticationprocess with the authenticating device by using the generated encryptionkey for authentication process.

The authentication processing unit 196 similarly generates theencryption key for authentication process by using the algorithmcorresponding to the prescribed algorithm identifier transmitted by thetransmitting unit 112, and the encryption key corresponding to theprescribed encryption key identifier paired with the prescribedalgorithm identifier, and performs the authentication process with theauthenticated device by using the generated encryption key forauthentication process.

In addition to the effect according to the first embodiment, it is alsopossible to eliminate an old version having security problems by theconfiguration as stated above.

In the fourth embodiment, the selecting unit 160 selects the prescribedalgorithm identifier, however, it is also possible that the selectingunit 160 further selects the prescribed encryption key identifiercorresponding to the selected prescribed algorithm identifier. In such acase, there is no need to replace S211 and S212 in FIG. 2 with S1211 andS1212 in FIG. 12.

Embodiment 5

Each part of the configuration according to the fifth embodiment issimilar to that in FIG. 1.

FIG. 13 is a flowchart describing the authenticating method according tothe fifth embodiment.

FIG. 13 is similar to FIG. 2 except that S205, S206 and S207 in FIG. 2are replaced with S1305, S1306, S1307, S1308, S1309, S1310, S1311 andS1307 in FIG. 13.

In the fifth embodiment, as in the fourth embodiment, the memory unit220 further stores a version identifier (ID) to identify a versionindicating a set in such a manner that one set is formed by at least onealgorithm corresponding to at least one algorithm identifier stored.

Similarly, the memory unit 120 further stores a version identifier (ID)to identify a version of a set in such a manner that one set is formedby at least one algorithm corresponding to at least one algorithmidentifier stored.

In S1305 as a transmitting step, the transmitting unit 212 transmits ascommunication information 2-2, the device unique number stored by thememory unit 220, the random number 2 generated by the random numbergenerating unit 250, and further, the version identifier stored by thememory unit 220, to the communication device 200 as the authenticatingdevice.

In S1306 as a receiving step (a first receiving step), the receivingunit 111 receives the communication information 2-2 containing therandom number 2, the device unique number and the prescribed versionidentifier from the communication device 200 as the authenticateddevice.

In S1307 as a selecting step, when the prescribed version identifierreceived by the receiving unit 111 coincides with the version identifierstored by the memory unit 120, the selecting unit 160 selects theversion identifier. When the prescribed version identifier received bythe receiving unit 111 does not coincide with the version identifierstored by the memory unit 120 but at least one algorithm stored by thememory unit 120 exists in the set indicated by the prescribed versionidentifier, the selecting unit 160 selects a version identifier of aversion indicating a set wherein at least one algorithm stored by thememory unit 120 exists. For example, when the version identifier storedby the memory unit 120 is a version identifier of a later version thanthe prescribed version identifier received by the receiving unit 111,the prescribed version identifier received by the receiving unit 111,which is of an old version, is selected so that the versions are commonto both the communication devices 100 and 200. By selecting the oldversion common to the communication devices 100 and 200, the rest of theauthentication process can be continued and the key sharing can beexecuted.

In S1308 as a transmitting step, the transmitting unit 112 transmits theversion identifier (ID) selected by the selecting unit 160 ascommunication information 2-3 to the communication device 200.

In S1309 as a receiving step, the receiving unit 211 receives theversion identifier as the communication information 2-3 from thecommunication device 100.

In 1310 as a transmitting step, the transmitting unit 212 transmits, ascommunication information 2-4, at least one profile identifier stored bythe memory unit 220, the algorithm identifiers and the encryption keyidentifiers paired as profiles identified by each of the profileidentifiers, and the number of the profiles which is the same number asthe sets of one algorithm identifier and one encryption key identifier,to the communication device 200 as the authenticating device.

In S1311 as a receiving step, the receiving unit 111 receives, as thecommunication information 2-4, at least one profile identifier, thealgorithm identifiers and the encryption key identifiers paired asprofiles identified by each of the profile identifiers, and the numberof the profiles which is the same number as the sets of one algorithmidentifier and one encryption key identifier, from the communicationdevice 200 as the authenticated device. The random number 2 and thedevice unique number are contained in the communication information 2-2,however they can be contained in the communication information 2-4instead.

In S1312 as a selecting step, when at least one profile identifierstored by the memory unit 120 exists among at least one profileidentifier received by the receiving unit 111, the selecting unit 160selects a prescribed profile identifier to be stored by the memory unit120 from among at least one profile identifier received by the receivingunit 111. By selecting the prescribed profile identifier, a prescribedalgorithm identifier and a prescribed encryption key identifier pairedas a profile identified by the prescribed profile identifier areselected.

As stated above, the fifth embodiment is an embodiment wherein the stepof selecting a version is performed separately compared to the fourthembodiment. By the configuration as stated above, the effect similar tothat in the fourth embodiment can be achieved. Further, in addition tothe effect according to the first embodiment, it is also possible toeliminate algorithms having security problems.

As stated above, there is provided according to the above-mentionedembodiment an authenticating method including:

a first transmitting step to transmit, from an authenticated devicestoring a plurality of algorithm identifiers and a plurality ofencryption key identifiers, to an authenticating device, the pluralityof algorithm identifiers and the plurality of encryption key identifiersstored;

a first receiving step to receive the plurality of algorithm identifiersand the plurality of encryption key identifiers transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing at least one algorithm identifier and atleast one encryption key identifier;

a selecting step to select, at the authenticating device, a prescribedalgorithm identifier and a prescribed encryption key identifier to bestored by the authenticating device from among the plurality ofalgorithm identifiers and the plurality of encryption key identifiersreceived by the receiving step, when the at least one algorithmidentifier and the at least one encryption key identifier stored by theauthenticating device exist among the plurality of algorithm identifiersand the plurality of encryption key identifiers received by the firstreceiving step;

a second transmitting step to transmit the prescribed algorithmidentifier and the prescribed encryption key identifier selected by theselecting step, from the authenticating device to the authenticateddevice;

a second receiving step to receive the prescribed algorithm identifierand the prescribed encryption key identifier transmitted by the secondtransmitting step, from the authenticating device, at the authenticateddevice; and

an authentication processing step to perform an authentication processbetween the authenticating device and the authenticated device, based onthe prescribed algorithm identifier and the prescribed encryption keyidentifier received by the second receiving step.

Alternatively, there is provided according to the above-mentionedembodiment an authenticating method including:

a first transmitting step to transmit, from an authenticated devicestoring at least one algorithm identifier and at least one encryptionkey identifier, to an authenticating device, the at least one algorithmidentifier and the at least one encryption key identifier stored;

a first receiving step to receive the at least one algorithm identifierand the at least one encryption key identifier transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing a plurality of algorithm identifiers and aplurality of encryption key identifiers;

a selecting step to select, at the authenticating device, a prescribedalgorithm identifier and a prescribed encryption key identifier to bestored by the authenticating device from among the at least onealgorithm identifier and the at least one encryption key identifierreceived by the receiving step, when at least one of the plurality ofalgorithm identifiers and at least one of the plurality of encryptionkey identifiers stored by the authenticating device exist among the atleast one algorithm identifier and the at least one encryption keyidentifier received by the first receiving step;

a second transmitting step to transmit the prescribed algorithmidentifier and the prescribed encryption key identifier selected by theselecting step, from the authenticating device to the authenticateddevice;

a second receiving step to receive the prescribed algorithm identifierand the prescribed encryption key identifier transmitted by the secondtransmitting step, from the authenticating device, at the authenticateddevice; and

an authentication processing step to perform an authentication processbetween the authenticating device and the authenticated device, based onthe prescribed algorithm identifier and the prescribed encryption keyidentifier received by the second receiving step.

It is possible to allow parts or the whole of what are explained as“units” in the above explanations for each embodiment to be configuredwith programs operable on computers. Those programs can be written in Clanguage, for example. Alternatively, HTML, SGML or XML may be used.

FIG. 14 is a hardware configuration diagram.

When programs operable on computers constitute parts or the whole ofwhat are described in the above explanations for each embodiment as“units”, the communication devices 100 and 200 are equipped with CPU 37(Central Processing Unit 37) to execute programs, as described in FIG.14. The CPU 37 incorporates, or connects to via a bus 38, RAM 40 (RandomAccess Memory 40) as one example of a memory device or a memory unit,and a communication port 44 capable of communicating with the outside.Further, it is also possible to configure the CPU 37 to be connected tothe memory devices such as ROM 39 (Read Only Memory 39) and a magneticdisk drive 46 as described in FIG. 14.

When programs constitute parts or the whole of what are described as“units” in the above explanations for each embodiment, the group ofprograms 49 in FIG. 14 stores programs executed by what are described as“units” in the explanations for each embodiment. The group of programs49 is stored in the memory devices. The group of programs 49 is executedby CPU 37, OS 47 etc. The memory devices store results of each process.

Further, such a configuration is also possible to implement what aredescribed as “units” in the explanations for each embodiment, byfirmware stored in ROM 39. Alternatively, such another configuration isalso possible to implement what are described as “units” in theexplanations for each embodiment by software, hardware or combination ofsoftware, hardware and firmware.

Further, such another configuration is also possible to store theprograms to implement each embodiment by using recording apparatuseswith the other recording media, such as a FD (Flexible Disk), an opticaldisk, a CD (Compact Disk), a MD (Mini Disk) or a DVD (Digital VersatileDisk). In such a case, a FDD 45 (Flexible Disk Drive 45), a compact diskdrive 86 (CDD 86) and the like are provided in this configuration asshown in FIG. 14.

INDUSTRIAL APPLICABILITY

The communication device 100 and the communication device 200 as statedabove can be used not only as a roadside device at a store side and anon-board device at a vehicle in ETC, drive-through etc., but also as anauthenticating device and as an authenticated device, between mobilecommunication devices such as mobile telephones, wire communicationdevices, or a wire communication device and a wireless communicationdevice via a based station and the like.

The present invention makes it possible to perform an authentication andkey sharing even between devices implementing different algorithms, andto allow a system and a device to remain operable even when onealgorithm is made unusable due to breaking of the algorithm or the like.

Further, the present invention makes it possible to reduce the risk ofdecrease in security due to breaking of the algorithm or the like.

Further, the present invention makes it possible to reduce chances ofunauthorized decryption by eavesdropping or the like, and to improve thesecurity.

The invention claimed is:
 1. An authenticated device comprising: amemory unit to store at least one algorithm identifier and at least oneencryption key identifier; a transmitting unit to transmit the at leastone algorithm identifier and the at least one encryption key identifierstored by the memory unit to an authenticating device; a receiving unitto receive from the authenticating device a prescribed algorithmidentifier and a prescribed encryption key identifier, selected fromamong the at least one algorithm identifier and the at least oneencryption key identifier transmitted by the transmitting unit; and anauthentication processing unit to perform an authentication process withthe authenticating device, based on the prescribed algorithm identifierand the prescribed encryption key identifier received by the receivingunit.
 2. The authenticated device of claim 1, wherein the memory unitstores at least one algorithm identifier and at least one encryption keyidentifier in such a manner that one algorithm identifier and oneencryption key identifier are paired as one profile; wherein thetransmitting unit transmits, to the authenticating device, the at leastone algorithm identifier and the at least one encryption key identifierstored by the memory unit in such a manner that one algorithm identifierand one encryption key identifier are paired as one profile; wherein thereceiving unit receives, from the authenticating device, the prescribedalgorithm identifier and the prescribed encryption key identifier pairedas a prescribed profile, among the at least one algorithm identifier andthe at least one encryption key identifier transmitted by thetransmitting unit; and wherein the authentication processing unitperforms the authentication process with the authenticating device,based on the prescribed algorithm identifier and the prescribedencryption key identifier paired as the prescribed profile received bythe receiving unit.
 3. The authenticated device of claim 2, wherein thememory unit further stores a version identifier to identify a versionindicating a set in such a manner that one set is formed from at leastone algorithm corresponding to the at least one algorithm identifierstored; wherein the transmitting unit transmits the version identifierstored by the memory unit to the authenticating device; wherein thereceiving unit receives, from the authenticating device, the prescribedalgorithm identifier corresponding to a prescribed algorithm among theat least one algorithm forming the set indicated by the versionidentified by the version identifier transmitted from the transmittingunit; and wherein the authentication processing unit performs theauthentication process with the authenticating device, based on theprescribed algorithm identifier received by the receiving unit and on aprescribed encryption key identifier paired with the prescribedalgorithm identifier.
 4. An authenticating device comprising: a memoryunit to store at least one algorithm identifier and at least oneencryption key identifier; a receiving unit to receive at least onealgorithm identifier and at least one encryption key identifier from anauthenticated device; a selecting unit to select a prescribed algorithmidentifier and a prescribed encryption key identifier to be stored bythe memory unit from among the at least one algorithm identifier and theat least one encryption key identifier received by the receiving unit,when the at least one algorithm identifier and the at least oneencryption key identifier stored by the memory unit exist among the atleast one algorithm identifier and the at least one encryption keyidentifier received by the receiving unit; a transmitting unit totransmit the prescribed algorithm identifier and the prescribedencryption key identifier selected by the selecting unit to theauthenticated device; and an authentication processing unit to performan authentication process with the authenticated device, based on theprescribed algorithm identifier and the prescribed encryption keyidentifier transmitted by the transmitting unit.
 5. The authenticatingdevice of claim 4, wherein the memory unit stores at least one profileidentifier to identify at least one profile, whereby one algorithmidentifier among the at least one algorithm identifier and oneencryption key identifier among the at least one encryption keyidentifier are paired; wherein the receiving unit further receives atleast one profile identifier from the authenticated device; wherein theselecting unit selects a prescribed profile identifier to be stored bythe memory unit from among the at least one profile identifier receivedby the receiving unit, when the at least one profile identifier storedby the memory unit exists among the at least one profile identifierreceived by the receiving unit; wherein the transmitting unit transmitsthe prescribed profile identifier selected by the selecting unit to theauthenticated device; and wherein the authentication processing unitperforms the authentication process with the authenticated device, basedon the prescribed algorithm identifier and the prescribed encryption keyidentifier paired by a prescribed profile identified by the prescribedprofile identifier transmitted by the transmitting unit.
 6. Theauthenticating device of claim 5, wherein the memory unit further storesa version identifier to identify a version of a set in such a mannerthat one set is formed from at least one algorithm corresponding to theat least one algorithm identifier stored; wherein the receiving unitfurther receives a prescribed version identifier from the authenticateddevice; wherein the selecting unit selects the prescribed algorithmidentifier corresponding to one algorithm in the set indicated by theversion identified by the prescribed version identifier received by thereceiving unit; wherein the transmitting unit transmits the prescribedalgorithm identifier selected by the selecting unit to the authenticateddevice; and wherein the authentication processing unit performs theauthentication process with the authenticated device, based on theprescribed algorithm identifier transmitted by the transmitting unit andon a prescribed encryption key identifier paired with the prescribedalgorithm identifier.
 7. An authenticating method comprising: a firsttransmitting step to transmit, from an authenticated device storing aplurality of algorithm identifiers and a plurality of encryption keyidentifiers, to an authenticating device, the plurality of algorithmidentifiers and the plurality of encryption key identifiers stored; afirst receiving step to receive the plurality of algorithm identifiersand the plurality of encryption key identifiers transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing at least one algorithm identifier and atleast one encryption key identifier; a selecting step to select, at theauthenticating device, a prescribed algorithm identifier and aprescribed encryption key identifier to be stored by the authenticatingdevice from among the plurality of algorithm identifiers and theplurality of encryption key identifiers received by the receiving step,when the at least one algorithm identifier and the at least oneencryption key identifier stored by the authenticating device existamong the plurality of algorithm identifiers and the plurality ofencryption key identifiers received by the first receiving step; asecond transmitting step to transmit the prescribed algorithm identifierand the prescribed encryption key identifier selected by the selectingstep, from the authenticating device to the authenticated device; asecond receiving step to receive the prescribed algorithm identifier andthe prescribed encryption key identifier transmitted by the secondtransmitting step, from the authenticating device, at the authenticateddevice; and an authentication processing step to perform anauthentication process between the authenticating device and theauthenticated device, based on the prescribed algorithm identifier andthe prescribed encryption key identifier received by the secondreceiving step.
 8. An authenticating method comprising: a firsttransmitting step to transmit, from an authenticated device storing atleast one algorithm identifier and at least one encryption keyidentifier, to an authenticating device, the at least one algorithmidentifier and the at least one encryption key identifier stored; afirst receiving step to receive the at least one algorithm identifierand the at least one encryption key identifier transmitted from theauthenticated device by the first transmitting step, at theauthenticating device storing a plurality of algorithm identifiers and aplurality of encryption key identifiers; a selecting step to select, atthe authenticating device, a prescribed algorithm identifier and aprescribed encryption key identifier to be stored by the authenticatingdevice from among the at least one algorithm identifier and the at leastone encryption key identifier received by the receiving step, when atleast one of the plurality of algorithm identifiers and at least one ofthe plurality of encryption key identifiers stored by the authenticatingdevice exist among the at least one algorithm identifier and the atleast one encryption key identifier received by the first receivingstep; a second transmitting step to transmit the prescribed algorithmidentifier and the prescribed encryption key identifier selected by theselecting step, from the authenticating device to the authenticateddevice; a second receiving step to receive the prescribed algorithmidentifier and the prescribed encryption key identifier transmitted bythe second transmitting step, from the authenticating device, at theauthenticated device; and an authentication processing step to performan authentication process between the authenticating device and theauthenticated device, based on the prescribed algorithm identifier andthe prescribed encryption key identifier received by the secondreceiving step.
 9. An authenticating method comprising: transmitting,from an authenticated device storing a plurality of algorithmidentifiers and a plurality of encryption key identifiers, to anauthenticating device, the plurality of algorithm identifiers and theplurality of encryption key identifiers stored; receiving the pluralityof algorithm identifiers and the plurality of encryption key identifierstransmitted from the authenticated device, at the authenticating devicestoring at least one algorithm identifier and at least one encryptionkey identifier; selecting, at the authenticating device, a prescribedalgorithm identifier and a prescribed encryption key identifier to bestored by the authenticating device from among the plurality ofalgorithm identifiers and the plurality of encryption key identifiersreceived, when the at least one algorithm identifier and the at leastone encryption key identifier stored by the authenticating device existamong the plurality of algorithm identifiers and the plurality ofencryption key identifiers received; transmitting the prescribedalgorithm identifier and the prescribed encryption key identifierselected, from the authenticating device to the authenticated device;receiving the prescribed algorithm identifier and the prescribedencryption key identifier transmitted from the authenticating device, atthe authenticated device; and performing an authentication processbetween the authenticating device and the authenticated device, based onthe prescribed algorithm identifier and the prescribed encryption keyidentifier received.
 10. An authenticating method comprising:transmitting, from an authenticated device storing at least onealgorithm identifier and at least one encryption key identifier, to anauthenticating device, the at least one algorithm identifier and the atleast one encryption key identifier stored; receiving the at least onealgorithm identifier and the at least one encryption key identifiertransmitted from the authenticated device, at the authenticating devicestoring a plurality of algorithm identifiers and a plurality ofencryption key identifiers; selecting, at the authenticating device, aprescribed algorithm identifier and a prescribed encryption keyidentifier to be stored by the authenticating device from among the atleast one algorithm identifier and the at least one encryption keyidentifier received, when at least one of the plurality of algorithmidentifiers and at least one of the plurality of encryption keyidentifiers stored by the authenticating device exist among the at leastone algorithm identifier and the at least one encryption key identifierreceived; transmitting the prescribed algorithm identifier and theprescribed encryption key identifier selected, from the authenticatingdevice to the authenticated device; receiving the prescribed algorithmidentifier and the prescribed encryption key identifier transmitted fromthe authenticating device, at the authenticated device; and performingan authentication process between the authenticating device and theauthenticated device, based on the prescribed algorithm identifier andthe prescribed encryption key identifier received.